To summarize, if you are concerned about the safety of your medical records or credit card information – the threat to your right to choose your own government is much, much, much more vulnerable and real.

These vulnerabilities demonstrate the capability for attackers who gain access to specific components of the system to influ- ence and tamper with the confidentiality, integrity and availability of the elections process. Generally speaking, the vulnerabilities identified in the study stem largely from the lack of adoption of industry standard best practices that have been developed for the IT industry over the last several years…

MSI did not have access to the source code of the applications nor to any specific “insider information” other than data that was publicly available from the vendor and from the Interet. MSI was provided with access to the systems in an unrestricted manner for the purposes of testing. This access to he systems was used to identify the vulnerabilities of the system. Obviously, attackers would not be given such wide access to the systems in question, thus we take this intoconsideration when we discuss the identified issues. However, it should be noted that access could likely be obtained by determined and/or well-resourced attackers through a variety of means ranging from bribery and breaking-and-entering to social engineering and outright coercion. Histoy has shown that determined attackers often find powerful ways to gain access to their targets.

All three vendor systems reviewed have serious gaps in compliance with even the most basic set of in- formation security guidelines used by systems in industries such as finance, insurance, medical care, manufacturing, logistics and other global commerce. Given the extremely valuable data that these systems process and the fact that our very democracy and nation depend on the security of that data, much work remains to be done by all three vendors. Adoption of best practices and implementation of additional controls to create a defense-in-depth security posture are critical to enhance the security of these systems.

[Ohio Secretary of State] says, “the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant.” …

Hear no evil, see no evil, its easy when the records are destroyed or locked up beyond disclosure:

In direct violation of standing federal election law, 56 of Ohio’s 88 counties have since destroyed all or part of their 2004 election data. The materials were additionally protected by a federal court injunction in the King-Lincoln-Bronzeville federal civil rights lawsuit (in which we are attorney and plaintiff). To date, no state or federal prosecutions have resulted from this wholesale destruction of presidential election records, including 1.6 million ballots, cast and uncast, needed for definitive auditing procedures. However, two Cuyahoga County (Cleveland) election officials have been convicted of felony manipulation of an official recount. The Cleveland Plain-Dealer, the state’s largest newspaper, recently editorialized that there is “no evidence” the 2004 election was stolen, but omitted mention of the destruction of the electoral records by more than half the counties in the state. The Plain-Dealer and other mainstream media have consistently ignored findings by the Free Press and others indicating widespread manipulation and theft of the kind Brunner has now confirmed was eminently do-able within the Ohio system.

How is this relevant to CT?

First, we use the same Dieblold AccuVote-OS optical scanners that are covered in the Ohio report.

Second, when there is a recount or a contest in one race, the whole district is exempt from audit. So when Chris Caruso contested the primary in Bridgeport all races in town were exempted from the audit, and in that case will likely never be recounted. In 2008 or 2010 if one statewide office is contested, the entire election will be exempt from audit.

Third, once audits are complete, seals on ballots and election machines are no longer required. So, it a discrepancy is found it will be impossible to conduct an completely credible investigation or recount.